package com.luojialong.aop;

import com.luojialong.constant.PermissionStrategy;
import com.luojialong.enums.AffairStatus;
import com.luojialong.exception.AffairException;
import com.luojialong.model.domain.User;
import com.luojialong.service.UserService;
import com.luojialong.verification.UserPermissionCheck;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

/**
 * 权限校验的切面类
 * 根据@UserPermissionCheck的注解中最低,权限和策略,来执行权限控制
 * @author 罗家龙
 */
@Aspect
@Component
public class PermissionCheckAop {

    @Resource
    private UserService userService;


    @Around("@annotation(permissionCheck)")
    public Object doHandle(ProceedingJoinPoint joinPoint, UserPermissionCheck permissionCheck) throws Throwable {
        //获得最低权限的用户级别
        int leastRole = permissionCheck.LeastPrivilege();
        int strategy = permissionCheck.strategy();

        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();

        HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();



        User loginUser = userService.getLoginUser(request);
        if (loginUser == null) {
            throw new AffairException(AffairStatus.NOT_LOGIN, "你没有登录啊,不能访问此功能");
        }

        Integer role = loginUser.getRole();
        if (strategy == PermissionStrategy.PRIVATE_PROJECT) {
            String idStr = request.getParameter("userId");
            if (idStr == null) {
                throw new AffairException(AffairStatus.PARAMS_ERROR,"传参出错,参数有问题");
            }
            Long id = Long.parseLong(idStr);
            if (role < leastRole) {
                throw new AffairException(AffairStatus.NOT_ADMIN, "你权限不够");
            }
            if (role > leastRole){
                throw new AffairException(AffairStatus.NOT_LOGIN, "你越权了,请给下面的人一点隐私");
            }
            if (loginUser.getId() == id) {
                return joinPoint.proceed();
            }
        }
        if (strategy == PermissionStrategy.PRIVATE_PROJECT_INVADE) {
            String idStr = request.getParameter("userId");
            if (idStr == null) {
                throw new AffairException(AffairStatus.PARAMS_ERROR,"传参出错,参数有问题");
            }
            long id = Long.parseLong(idStr);
            if (role >= leastRole || loginUser.getId() == id) {
                return joinPoint.proceed();
            }
        }
        if (role < leastRole) {
            throw new AffairException(AffairStatus.NOT_ADMIN, "你权限不够");
        }
        if (strategy == PermissionStrategy.PROTECT_STRATEGY) {
            if (role == leastRole) {
                return joinPoint.proceed();
            } else {
                throw new AffairException(AffairStatus.NOT_LOGIN, "你越权了,请给下面的人一点隐私");
            }
        } else if (strategy == PermissionStrategy.INVADE_STRATEGY) {
            return joinPoint.proceed();
        }
        return joinPoint.proceed();
    }

}
